Wednesday, December 5, 2012

CredSSP across forests (except not)

Sorry, this post isn't going to give any insightful gleaning into how this works. I'm making a guess that it could work, but I would have to get a bunch of people to dedicate time and cycles to making it work, and only a small number of said individuals would likely think it important enough to actually do.

We're in the process of domain consolidation, and the domain my office is moving to is admin'ed by different folks. Our farm is not moving, we're opting instead to keep it in its current domain and simply stand up 2013 in the new domain and (to channel some Xzibit here) "migrate while we migrate". There's trust issues (from a certificate standpoint, not human trust) meaning that anytime I try to RDP into my own servers, Windows complains that they're not trusted anymore (don't recall getting those warnings before when I was in my old domain trying to remote into servers in the current domain, so I'm guessing their GPO doesn't have our certificate server as trusted, or some other AD nonsense). Accordingly, it's fouled up my credential delegation configuration (or perhaps this is also GPO at work).

At any rate, I have actual work to do and don't have time just yet to suss this out...so...saying goodbye to PowerShell remoting for now...